CVE-2022-36919
published 2022-07-27CVE-2022-36919: A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Coverity Plugin 1.11.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | android_signing_plugin | — | — |
| jenkins | bmc_ami_devx_code_debug_code_coverage_plugin | — | — |
| jenkins | bmc_ami_devx_code_pipeline_operations_plugin | — | — |
| jenkins | buckminster_plugin | — | — |
| jenkins | clif_performance_testing_plugin | — | — |
| jenkins | code_pipeline_plugin | — | — |
| jenkins | compuware_topaz_utilities_plugin | — | — |
| jenkins | coverity | <= 1.11.4 | — |
| jenkins | coverity_plugin | — | — |
| jenkins | deployer_framework_plugin | — | — |
| jenkins | dynamic_extended_choice_parameter_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | files_found_trigger_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | git_client_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | github_plugin | — | — |
| jenkins | google_cloud_backup_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | http_request_plugin | — | — |
| jenkins | jenkins_ci_server_plugin | — | — |
| jenkins | job_configuration_history_plugin | — | — |
| jenkins | lack_of_authentication_mechanism_in_git_plugin | — | — |
| jenkins | lucene-search_plugin | — | — |
| jenkins | maven_metadata_plugin | — | — |